Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 5e49bb65fb2d5e3d5513bcd419de0df8b93fcd5d / . / core / installer / welcome / dodo_app.go
blob: 4535be2f9615512f522c59337495c472abf39a26 [file] [log] [blame]
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]1package welcome
2
3import (
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]4 "context"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]5 "embed"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]6 "encoding/json"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]7 "errors"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]8 "fmt"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]9 "golang.org/x/crypto/bcrypt"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]10 "html/template"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]11 "io"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]12 "io/fs"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]13 "net/http"
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]14 "slices"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]15 "strings"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]16 "sync"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]17
18 "github.com/giolekva/pcloud/core/installer"
19 "github.com/giolekva/pcloud/core/installer/soft"
gio33059762024-07-05 13:19:07 +0400[diff] [blame]20
21 "github.com/gorilla/mux"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]22 "github.com/gorilla/securecookie"
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]23)
24
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]25//go:embed dodo-app-tmpl/*
26var dodoAppTmplFS embed.FS
27
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]28//go:embed all:app-tmpl
29var appTmplsFS embed.FS
30
31//go:embed static
32var staticResources embed.FS
33
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]34const (
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]35 ConfigRepoName = "config"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]36 namespacesFile = "/namespaces.json"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]37 loginPath = "/login"
38 logoutPath = "/logout"
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]39 staticPath = "/static"
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]40 sessionCookie = "dodo-app-session"
41 userCtx = "user"
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]42)
43
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]44var types = []string{"golang:1.22.0", "golang:1.20.0", "hugo:latest"}
45
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]46type dodoAppTmplts struct {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]47 index *template.Template
48 appStatus *template.Template
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]49}
50
51func parseTemplatesDodoApp(fs embed.FS) (dodoAppTmplts, error) {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]52 base, err := template.ParseFS(fs, "dodo-app-tmpl/base.html")
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]53 if err != nil {
54 return dodoAppTmplts{}, err
55 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]56 parse := func(path string) (*template.Template, error) {
57 if b, err := base.Clone(); err != nil {
58 return nil, err
59 } else {
60 return b.ParseFS(fs, path)
61 }
62 }
63 index, err := parse("dodo-app-tmpl/index.html")
64 if err != nil {
65 return dodoAppTmplts{}, err
66 }
67 appStatus, err := parse("dodo-app-tmpl/app_status.html")
68 if err != nil {
69 return dodoAppTmplts{}, err
70 }
71 return dodoAppTmplts{index, appStatus}, nil
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]72}
73
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]74type DodoAppServer struct {
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]75 l sync.Locker
76 st Store
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]77 nf NetworkFilter
78 ug UserGetter
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]79 port int
80 apiPort int
81 self string
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]82 repoPublicAddr string
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]83 sshKey string
84 gitRepoPublicKey string
85 client soft.Client
86 namespace string
87 envAppManagerAddr string
88 env installer.EnvConfig
89 nsc installer.NamespaceCreator
90 jc installer.JobCreator
91 workers map[string]map[string]struct{}
92 appNs map[string]string
93 sc *securecookie.SecureCookie
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]94 tmplts dodoAppTmplts
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]95 appTmpls AppTmplStore
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]96}
97
gio33059762024-07-05 13:19:07 +0400[diff] [blame]98// TODO(gio): Initialize appNs on startup
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]99func NewDodoAppServer(
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]100 st Store,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]101 nf NetworkFilter,
102 ug UserGetter,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]103 port int,
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]104 apiPort int,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]105 self string,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]106 repoPublicAddr string,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]107 sshKey string,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]108 gitRepoPublicKey string,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]109 client soft.Client,
110 namespace string,
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]111 envAppManagerAddr string,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]112 nsc installer.NamespaceCreator,
giof8843412024-05-22 16:38:05 +0400[diff] [blame]113 jc installer.JobCreator,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]114 env installer.EnvConfig,
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]115) (*DodoAppServer, error) {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]116 tmplts, err := parseTemplatesDodoApp(dodoAppTmplFS)
117 if err != nil {
118 return nil, err
119 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]120 sc := securecookie.New(
121 securecookie.GenerateRandomKey(64),
122 securecookie.GenerateRandomKey(32),
123 )
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]124 apps, err := fs.Sub(appTmplsFS, "app-tmpl")
125 if err != nil {
126 return nil, err
127 }
128 appTmpls, err := NewAppTmplStoreFS(apps)
129 if err != nil {
130 return nil, err
131 }
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]132 s := &DodoAppServer{
133 &sync.Mutex{},
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]134 st,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]135 nf,
136 ug,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]137 port,
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]138 apiPort,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]139 self,
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]140 repoPublicAddr,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]141 sshKey,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]142 gitRepoPublicKey,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]143 client,
144 namespace,
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]145 envAppManagerAddr,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]146 env,
gio33059762024-07-05 13:19:07 +0400[diff] [blame]147 nsc,
giof8843412024-05-22 16:38:05 +0400[diff] [blame]148 jc,
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]149 map[string]map[string]struct{}{},
gio33059762024-07-05 13:19:07 +0400[diff] [blame]150 map[string]string{},
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]151 sc,
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]152 tmplts,
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]153 appTmpls,
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]154 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]155 config, err := client.GetRepo(ConfigRepoName)
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]156 if err != nil {
157 return nil, err
158 }
159 r, err := config.Reader(namespacesFile)
160 if err == nil {
161 defer r.Close()
162 if err := json.NewDecoder(r).Decode(&s.appNs); err != nil {
163 return nil, err
164 }
165 } else if !errors.Is(err, fs.ErrNotExist) {
166 return nil, err
167 }
168 return s, nil
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]169}
170
171func (s *DodoAppServer) Start() error {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]172 e := make(chan error)
173 go func() {
174 r := mux.NewRouter()
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]175 r.Use(s.mwAuth)
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]176 r.PathPrefix(staticPath).Handler(http.FileServer(http.FS(staticResources)))
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]177 r.HandleFunc(logoutPath, s.handleLogout).Methods(http.MethodGet)
178 r.HandleFunc("/{app-name}"+loginPath, s.handleLoginForm).Methods(http.MethodGet)
179 r.HandleFunc("/{app-name}"+loginPath, s.handleLogin).Methods(http.MethodPost)
180 r.HandleFunc("/{app-name}", s.handleAppStatus).Methods(http.MethodGet)
181 r.HandleFunc("/", s.handleStatus).Methods(http.MethodGet)
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]182 r.HandleFunc("/", s.handleCreateApp).Methods(http.MethodPost)
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]183 e <- http.ListenAndServe(fmt.Sprintf(":%d", s.port), r)
184 }()
185 go func() {
186 r := mux.NewRouter()
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]187 r.HandleFunc("/update", s.handleApiUpdate)
188 r.HandleFunc("/api/apps/{app-name}/workers", s.handleApiRegisterWorker).Methods(http.MethodPost)
189 r.HandleFunc("/api/apps", s.handleApiCreateApp).Methods(http.MethodPost)
190 r.HandleFunc("/api/add-admin-key", s.handleApiAddAdminKey).Methods(http.MethodPost)
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]191 e <- http.ListenAndServe(fmt.Sprintf(":%d", s.apiPort), r)
192 }()
193 return <-e
194}
195
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]196type UserGetter interface {
197 Get(r *http.Request) string
198}
199
200type externalUserGetter struct {
201 sc *securecookie.SecureCookie
202}
203
204func NewExternalUserGetter() UserGetter {
205 return &externalUserGetter{}
206}
207
208func (ug *externalUserGetter) Get(r *http.Request) string {
209 cookie, err := r.Cookie(sessionCookie)
210 if err != nil {
211 return ""
212 }
213 var user string
214 if err := ug.sc.Decode(sessionCookie, cookie.Value, &user); err != nil {
215 return ""
216 }
217 return user
218}
219
220type internalUserGetter struct{}
221
222func NewInternalUserGetter() UserGetter {
223 return internalUserGetter{}
224}
225
226func (ug internalUserGetter) Get(r *http.Request) string {
227 return r.Header.Get("X-User")
228}
229
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]230func (s *DodoAppServer) mwAuth(next http.Handler) http.Handler {
231 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]232 if strings.HasSuffix(r.URL.Path, loginPath) || strings.HasPrefix(r.URL.Path, logoutPath) || strings.HasPrefix(r.URL.Path, staticPath) {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]233 next.ServeHTTP(w, r)
234 return
235 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]236 user := s.ug.Get(r)
237 if user == "" {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]238 vars := mux.Vars(r)
239 appName, ok := vars["app-name"]
240 if !ok || appName == "" {
241 http.Error(w, "missing app-name", http.StatusBadRequest)
242 return
243 }
244 http.Redirect(w, r, fmt.Sprintf("/%s%s", appName, loginPath), http.StatusSeeOther)
245 return
246 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]247 next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userCtx, user)))
248 })
249}
250
251func (s *DodoAppServer) handleLogout(w http.ResponseWriter, r *http.Request) {
252 http.SetCookie(w, &http.Cookie{
253 Name: sessionCookie,
254 Value: "",
255 Path: "/",
256 HttpOnly: true,
257 Secure: true,
258 })
259 http.Redirect(w, r, "/", http.StatusSeeOther)
260}
261
262func (s *DodoAppServer) handleLoginForm(w http.ResponseWriter, r *http.Request) {
263 vars := mux.Vars(r)
264 appName, ok := vars["app-name"]
265 if !ok || appName == "" {
266 http.Error(w, "missing app-name", http.StatusBadRequest)
267 return
268 }
269 fmt.Fprint(w, `
270<!DOCTYPE html>
271<html lang='en'>
272 <head>
273 <title>dodo: app - login</title>
274 <meta charset='utf-8'>
275 </head>
276 <body>
277 <form action="" method="POST">
278 <input type="password" placeholder="Password" name="password" required />
279 <button type="submit">Login</button>
280 </form>
281 </body>
282</html>
283`)
284}
285
286func (s *DodoAppServer) handleLogin(w http.ResponseWriter, r *http.Request) {
287 vars := mux.Vars(r)
288 appName, ok := vars["app-name"]
289 if !ok || appName == "" {
290 http.Error(w, "missing app-name", http.StatusBadRequest)
291 return
292 }
293 password := r.FormValue("password")
294 if password == "" {
295 http.Error(w, "missing password", http.StatusBadRequest)
296 return
297 }
298 user, err := s.st.GetAppOwner(appName)
299 if err != nil {
300 http.Error(w, err.Error(), http.StatusInternalServerError)
301 return
302 }
303 hashed, err := s.st.GetUserPassword(user)
304 if err != nil {
305 http.Error(w, err.Error(), http.StatusInternalServerError)
306 return
307 }
308 if err := bcrypt.CompareHashAndPassword(hashed, []byte(password)); err != nil {
309 http.Redirect(w, r, r.URL.Path, http.StatusSeeOther)
310 return
311 }
312 if encoded, err := s.sc.Encode(sessionCookie, user); err == nil {
313 cookie := &http.Cookie{
314 Name: sessionCookie,
315 Value: encoded,
316 Path: "/",
317 Secure: true,
318 HttpOnly: true,
319 }
320 http.SetCookie(w, cookie)
321 }
322 http.Redirect(w, r, fmt.Sprintf("/%s", appName), http.StatusSeeOther)
323}
324
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]325type statusData struct {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]326 Apps []string
327 Networks []installer.Network
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]328 Types []string
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]329}
330
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]331func (s *DodoAppServer) handleStatus(w http.ResponseWriter, r *http.Request) {
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]332 user := r.Context().Value(userCtx)
333 if user == nil {
334 http.Error(w, "unauthorized", http.StatusUnauthorized)
335 return
336 }
337 apps, err := s.st.GetUserApps(user.(string))
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]338 if err != nil {
339 http.Error(w, err.Error(), http.StatusInternalServerError)
340 return
341 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]342 networks, err := s.getNetworks(user.(string))
343 if err != nil {
344 http.Error(w, err.Error(), http.StatusInternalServerError)
345 return
346 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]347 data := statusData{apps, networks, types}
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]348 if err := s.tmplts.index.Execute(w, data); err != nil {
349 http.Error(w, err.Error(), http.StatusInternalServerError)
350 return
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]351 }
352}
353
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]354type appStatusData struct {
355 Name string
356 GitCloneCommand string
357 Commits []Commit
358}
359
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]360func (s *DodoAppServer) handleAppStatus(w http.ResponseWriter, r *http.Request) {
361 vars := mux.Vars(r)
362 appName, ok := vars["app-name"]
363 if !ok || appName == "" {
364 http.Error(w, "missing app-name", http.StatusBadRequest)
365 return
366 }
367 commits, err := s.st.GetCommitHistory(appName)
368 if err != nil {
369 http.Error(w, err.Error(), http.StatusInternalServerError)
370 return
371 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]372 data := appStatusData{
373 Name: appName,
374 GitCloneCommand: fmt.Sprintf("git clone %s/%s\n\n\n", s.repoPublicAddr, appName),
375 Commits: commits,
376 }
377 if err := s.tmplts.appStatus.Execute(w, data); err != nil {
378 http.Error(w, err.Error(), http.StatusInternalServerError)
379 return
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]380 }
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]381}
382
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]383type apiUpdateReq struct {
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]384 Ref string `json:"ref"`
385 Repository struct {
386 Name string `json:"name"`
387 } `json:"repository"`
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]388 After string `json:"after"`
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]389}
390
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]391func (s *DodoAppServer) handleApiUpdate(w http.ResponseWriter, r *http.Request) {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]392 fmt.Println("update")
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]393 var req apiUpdateReq
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]394 var contents strings.Builder
395 io.Copy(&contents, r.Body)
396 c := contents.String()
397 fmt.Println(c)
398 if err := json.NewDecoder(strings.NewReader(c)).Decode(&req); err != nil {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]399 http.Error(w, err.Error(), http.StatusBadRequest)
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]400 return
401 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]402 if req.Ref != "refs/heads/master" || req.Repository.Name == ConfigRepoName {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]403 return
404 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]405 // TODO(gio): Create commit record on app init as well
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]406 go func() {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]407 owner, err := s.st.GetAppOwner(req.Repository.Name)
408 if err != nil {
409 return
410 }
411 networks, err := s.getNetworks(owner)
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]412 if err != nil {
413 return
414 }
415 if err := s.updateDodoApp(req.Repository.Name, s.appNs[req.Repository.Name], networks); err != nil {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]416 if err := s.st.CreateCommit(req.Repository.Name, req.After, err.Error()); err != nil {
417 fmt.Printf("Error: %s\n", err.Error())
418 return
419 }
420 }
421 if err := s.st.CreateCommit(req.Repository.Name, req.After, "OK"); err != nil {
422 fmt.Printf("Error: %s\n", err.Error())
423 }
424 for addr, _ := range s.workers[req.Repository.Name] {
425 go func() {
426 // TODO(gio): make port configurable
427 http.Get(fmt.Sprintf("http://%s/update", addr))
428 }()
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]429 }
430 }()
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]431}
432
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]433type apiRegisterWorkerReq struct {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]434 Address string `json:"address"`
435}
436
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]437func (s *DodoAppServer) handleApiRegisterWorker(w http.ResponseWriter, r *http.Request) {
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]438 vars := mux.Vars(r)
439 appName, ok := vars["app-name"]
440 if !ok || appName == "" {
441 http.Error(w, "missing app-name", http.StatusBadRequest)
442 return
443 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]444 var req apiRegisterWorkerReq
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]445 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
446 http.Error(w, err.Error(), http.StatusInternalServerError)
447 return
448 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]449 if _, ok := s.workers[appName]; !ok {
450 s.workers[appName] = map[string]struct{}{}
gio266c04f2024-07-03 14:18:45 +0400[diff] [blame]451 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]452 s.workers[appName][req.Address] = struct{}{}
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]453}
454
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]455func (s *DodoAppServer) handleCreateApp(w http.ResponseWriter, r *http.Request) {
456 u := r.Context().Value(userCtx)
457 if u == nil {
458 http.Error(w, "unauthorized", http.StatusUnauthorized)
459 return
460 }
461 user, ok := u.(string)
462 if !ok {
463 http.Error(w, "could not get user", http.StatusInternalServerError)
464 return
465 }
466 network := r.FormValue("network")
467 if network == "" {
468 http.Error(w, "missing network", http.StatusBadRequest)
469 return
470 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]471 subdomain := r.FormValue("subdomain")
472 if subdomain == "" {
473 http.Error(w, "missing subdomain", http.StatusBadRequest)
474 return
475 }
476 appType := r.FormValue("type")
477 if appType == "" {
478 http.Error(w, "missing type", http.StatusBadRequest)
479 return
480 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]481 adminPublicKey := r.FormValue("admin-public-key")
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]482 if adminPublicKey == "" {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]483 http.Error(w, "missing admin public key", http.StatusBadRequest)
484 return
485 }
486 g := installer.NewFixedLengthRandomNameGenerator(3)
487 appName, err := g.Generate()
488 if err != nil {
489 http.Error(w, err.Error(), http.StatusInternalServerError)
490 return
491 }
492 if ok, err := s.client.UserExists(user); err != nil {
493 http.Error(w, err.Error(), http.StatusInternalServerError)
494 return
495 } else if !ok {
496 if err := s.client.AddUser(user, adminPublicKey); err != nil {
497 http.Error(w, err.Error(), http.StatusInternalServerError)
498 return
499 }
500 }
501 if err := s.st.CreateUser(user, nil, adminPublicKey, network); err != nil && !errors.Is(err, ErrorAlreadyExists) {
502 http.Error(w, err.Error(), http.StatusInternalServerError)
503 return
504 }
505 if err := s.st.CreateApp(appName, user); err != nil {
506 http.Error(w, err.Error(), http.StatusInternalServerError)
507 return
508 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]509 if err := s.CreateApp(user, appName, appType, adminPublicKey, network, subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]510 http.Error(w, err.Error(), http.StatusInternalServerError)
511 return
512 }
513 http.Redirect(w, r, fmt.Sprintf("/%s", appName), http.StatusSeeOther)
514}
515
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]516type apiCreateAppReq struct {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]517 AppType string `json:"type"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]518 AdminPublicKey string `json:"adminPublicKey"`
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]519 Network string `json:"network"`
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]520 Subdomain string `json:"subdomain"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]521}
522
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]523type apiCreateAppResp struct {
524 AppName string `json:"appName"`
525 Password string `json:"password"`
gio33059762024-07-05 13:19:07 +0400[diff] [blame]526}
527
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]528func (s *DodoAppServer) handleApiCreateApp(w http.ResponseWriter, r *http.Request) {
529 var req apiCreateAppReq
gio33059762024-07-05 13:19:07 +0400[diff] [blame]530 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
531 http.Error(w, err.Error(), http.StatusBadRequest)
532 return
533 }
534 g := installer.NewFixedLengthRandomNameGenerator(3)
535 appName, err := g.Generate()
536 if err != nil {
537 http.Error(w, err.Error(), http.StatusInternalServerError)
538 return
539 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]540 user, err := s.client.FindUser(req.AdminPublicKey)
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]541 if err != nil {
gio33059762024-07-05 13:19:07 +0400[diff] [blame]542 http.Error(w, err.Error(), http.StatusInternalServerError)
543 return
544 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]545 if user != "" {
546 http.Error(w, "public key already registered", http.StatusBadRequest)
547 return
548 }
549 user = appName
550 if err := s.client.AddUser(user, req.AdminPublicKey); err != nil {
551 http.Error(w, err.Error(), http.StatusInternalServerError)
552 return
553 }
554 password := generatePassword()
555 hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
556 if err != nil {
557 http.Error(w, err.Error(), http.StatusInternalServerError)
558 return
559 }
560 if err := s.st.CreateUser(user, hashed, req.AdminPublicKey, req.Network); err != nil {
561 http.Error(w, err.Error(), http.StatusInternalServerError)
562 return
563 }
564 if err := s.st.CreateApp(appName, user); err != nil {
565 http.Error(w, err.Error(), http.StatusInternalServerError)
566 return
567 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]568 if err := s.CreateApp(user, appName, req.AppType, req.AdminPublicKey, req.Network, req.Subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]569 http.Error(w, err.Error(), http.StatusInternalServerError)
570 return
571 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]572 resp := apiCreateAppResp{
573 AppName: appName,
574 Password: password,
575 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]576 if err := json.NewEncoder(w).Encode(resp); err != nil {
577 http.Error(w, err.Error(), http.StatusInternalServerError)
578 return
579 }
580}
581
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]582func (s *DodoAppServer) CreateApp(user, appName, appType, adminPublicKey, network, subdomain string) error {
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]583 s.l.Lock()
584 defer s.l.Unlock()
gio33059762024-07-05 13:19:07 +0400[diff] [blame]585 fmt.Printf("Creating app: %s\n", appName)
586 if ok, err := s.client.RepoExists(appName); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]587 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]588 } else if ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]589 return nil
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]590 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]591 networks, err := s.getNetworks(user)
592 if err != nil {
593 return err
594 }
595 n, ok := installer.NetworkMap(networks)[strings.ToLower(network)]
596 if !ok {
597 return fmt.Errorf("network not found: %s\n", network)
598 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]599 if err := s.client.AddRepository(appName); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]600 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]601 }
602 appRepo, err := s.client.GetRepo(appName)
603 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]604 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]605 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]606 if err := s.initRepo(appRepo, appType, n, subdomain); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]607 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]608 }
609 apps := installer.NewInMemoryAppRepository(installer.CreateAllApps())
610 app, err := installer.FindEnvApp(apps, "dodo-app-instance")
611 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]612 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]613 }
614 suffixGen := installer.NewFixedLengthRandomSuffixGenerator(3)
615 suffix, err := suffixGen.Generate()
616 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]617 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]618 }
619 namespace := fmt.Sprintf("%s%s%s", s.env.NamespacePrefix, app.Namespace(), suffix)
620 s.appNs[appName] = namespace
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]621 if err := s.updateDodoApp(appName, namespace, networks); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]622 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]623 }
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]624 repo, err := s.client.GetRepo(ConfigRepoName)
gio33059762024-07-05 13:19:07 +0400[diff] [blame]625 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]626 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]627 }
628 hf := installer.NewGitHelmFetcher()
629 m, err := installer.NewAppManager(repo, s.nsc, s.jc, hf, "/")
630 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]631 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]632 }
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]633 if err := repo.Do(func(fs soft.RepoFS) (string, error) {
634 w, err := fs.Writer(namespacesFile)
635 if err != nil {
636 return "", err
637 }
638 defer w.Close()
639 if err := json.NewEncoder(w).Encode(s.appNs); err != nil {
640 return "", err
641 }
642 if _, err := m.Install(
643 app,
644 appName,
645 "/"+appName,
646 namespace,
647 map[string]any{
648 "repoAddr": s.client.GetRepoAddress(appName),
649 "repoHost": strings.Split(s.client.Address(), ":")[0],
650 "gitRepoPublicKey": s.gitRepoPublicKey,
651 },
652 installer.WithConfig(&s.env),
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]653 installer.WithNoNetworks(),
gio9d66f322024-07-06 13:45:10 +0400[diff] [blame]654 installer.WithNoPublish(),
655 installer.WithNoLock(),
656 ); err != nil {
657 return "", err
658 }
659 return fmt.Sprintf("Installed app: %s", appName), nil
660 }); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]661 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]662 }
663 cfg, err := m.FindInstance(appName)
664 if err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]665 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]666 }
667 fluxKeys, ok := cfg.Input["fluxKeys"]
668 if !ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]669 return fmt.Errorf("Fluxcd keys not found")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]670 }
671 fluxPublicKey, ok := fluxKeys.(map[string]any)["public"]
672 if !ok {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]673 return fmt.Errorf("Fluxcd keys not found")
gio33059762024-07-05 13:19:07 +0400[diff] [blame]674 }
675 if ok, err := s.client.UserExists("fluxcd"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]676 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]677 } else if ok {
678 if err := s.client.AddPublicKey("fluxcd", fluxPublicKey.(string)); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]679 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]680 }
681 } else {
682 if err := s.client.AddUser("fluxcd", fluxPublicKey.(string)); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]683 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]684 }
685 }
686 if err := s.client.AddReadOnlyCollaborator(appName, "fluxcd"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]687 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]688 }
689 if err := s.client.AddWebhook(appName, fmt.Sprintf("http://%s/update", s.self), "--active=true", "--events=push", "--content-type=json"); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]690 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]691 }
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]692 if err := s.client.AddReadWriteCollaborator(appName, user); err != nil {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]693 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]694 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]695 return nil
gio33059762024-07-05 13:19:07 +0400[diff] [blame]696}
697
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]698type apiAddAdminKeyReq struct {
gio70be3e52024-06-26 18:27:19 +0400[diff] [blame]699 Public string `json:"public"`
700}
701
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]702func (s *DodoAppServer) handleApiAddAdminKey(w http.ResponseWriter, r *http.Request) {
703 var req apiAddAdminKeyReq
gio70be3e52024-06-26 18:27:19 +0400[diff] [blame]704 if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
705 http.Error(w, err.Error(), http.StatusBadRequest)
706 return
707 }
708 if err := s.client.AddPublicKey("admin", req.Public); err != nil {
709 http.Error(w, err.Error(), http.StatusInternalServerError)
710 return
711 }
712}
713
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]714func (s *DodoAppServer) updateDodoApp(name, namespace string, networks []installer.Network) error {
gio33059762024-07-05 13:19:07 +0400[diff] [blame]715 repo, err := s.client.GetRepo(name)
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]716 if err != nil {
717 return err
718 }
giof8843412024-05-22 16:38:05 +0400[diff] [blame]719 hf := installer.NewGitHelmFetcher()
gio33059762024-07-05 13:19:07 +0400[diff] [blame]720 m, err := installer.NewAppManager(repo, s.nsc, s.jc, hf, "/.dodo")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]721 if err != nil {
722 return err
723 }
724 appCfg, err := soft.ReadFile(repo, "app.cue")
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]725 if err != nil {
726 return err
727 }
728 app, err := installer.NewDodoApp(appCfg)
729 if err != nil {
730 return err
731 }
giof8843412024-05-22 16:38:05 +0400[diff] [blame]732 lg := installer.GitRepositoryLocalChartGenerator{"app", namespace}
giof71a0832024-06-27 14:45:45 +0400[diff] [blame]733 if _, err := m.Install(
734 app,
735 "app",
736 "/.dodo/app",
737 namespace,
738 map[string]any{
gioa60f0de2024-07-08 10:49:48 +0400[diff] [blame]739 "repoAddr": repo.FullAddress(),
740 "managerAddr": fmt.Sprintf("http://%s", s.self),
741 "appId": name,
742 "sshPrivateKey": s.sshKey,
giof71a0832024-06-27 14:45:45 +0400[diff] [blame]743 },
gio33059762024-07-05 13:19:07 +0400[diff] [blame]744 installer.WithConfig(&s.env),
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]745 installer.WithNetworks(networks),
giof71a0832024-06-27 14:45:45 +0400[diff] [blame]746 installer.WithLocalChartGenerator(lg),
747 installer.WithBranch("dodo"),
748 installer.WithForce(),
749 ); err != nil {
gio0eaf2712024-04-14 13:08:46 +0400[diff] [blame]750 return err
751 }
752 return nil
753}
gio33059762024-07-05 13:19:07 +0400[diff] [blame]754
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]755func (s *DodoAppServer) initRepo(repo soft.RepoIO, appType string, network installer.Network, subdomain string) error {
756 appType = strings.ReplaceAll(appType, ":", "-")
757 appTmpl, err := s.appTmpls.Find(appType)
758 if err != nil {
759 return err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]760 }
gio33059762024-07-05 13:19:07 +0400[diff] [blame]761 return repo.Do(func(fs soft.RepoFS) (string, error) {
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]762 if err := appTmpl.Render(network, subdomain, repo); err != nil {
763 return "", err
gio33059762024-07-05 13:19:07 +0400[diff] [blame]764 }
gio5e49bb62024-07-20 10:43:19 +0400[diff] [blame^]765 return "init", nil
gio33059762024-07-05 13:19:07 +0400[diff] [blame]766 })
767}
gio81246f02024-07-10 12:02:15 +0400[diff] [blame]768
769func generatePassword() string {
770 return "foo"
771}
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]772
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]773func (s *DodoAppServer) getNetworks(user string) ([]installer.Network, error) {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]774 addr := fmt.Sprintf("%s/api/networks", s.envAppManagerAddr)
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]775 resp, err := http.Get(addr)
776 if err != nil {
777 return nil, err
778 }
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]779 networks := []installer.Network{}
780 if json.NewDecoder(resp.Body).Decode(&networks); err != nil {
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]781 return nil, err
782 }
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]783 return s.nf.Filter(user, networks)
784}
785
786func pickNetwork(networks []installer.Network, network string) []installer.Network {
787 for _, n := range networks {
788 if n.Name == network {
789 return []installer.Network{n}
790 }
791 }
792 return []installer.Network{}
793}
794
795type NetworkFilter interface {
796 Filter(user string, networks []installer.Network) ([]installer.Network, error)
797}
798
799type noNetworkFilter struct{}
800
801func NewNoNetworkFilter() NetworkFilter {
802 return noNetworkFilter{}
803}
804
805func (f noNetworkFilter) Filter(app string, networks []installer.Network) ([]installer.Network, error) {
806 return networks, nil
807}
808
809type filterByOwner struct {
810 st Store
811}
812
813func NewNetworkFilterByOwner(st Store) NetworkFilter {
814 return &filterByOwner{st}
815}
816
817func (f *filterByOwner) Filter(user string, networks []installer.Network) ([]installer.Network, error) {
818 network, err := f.st.GetUserNetwork(user)
819 if err != nil {
820 return nil, err
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]821 }
822 ret := []installer.Network{}
823 for _, n := range networks {
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]824 if n.Name == network {
gio23bdc1b2024-07-11 16:07:47 +0400[diff] [blame]825 ret = append(ret, n)
826 }
827 }
giocb34ad22024-07-11 08:01:13 +0400[diff] [blame]828 return ret, nil
829}
gio11617ac2024-07-15 16:09:04 +0400[diff] [blame]830
831type allowListFilter struct {
832 allowed []string
833}
834
835func NewAllowListFilter(allowed []string) NetworkFilter {
836 return &allowListFilter{allowed}
837}
838
839func (f *allowListFilter) Filter(app string, networks []installer.Network) ([]installer.Network, error) {
840 ret := []installer.Network{}
841 for _, n := range networks {
842 if slices.Contains(f.allowed, n.Name) {
843 ret = append(ret, n)
844 }
845 }
846 return ret, nil
847}
848
849type combinedNetworkFilter struct {
850 filters []NetworkFilter
851}
852
853func NewCombinedFilter(filters ...NetworkFilter) NetworkFilter {
854 return &combinedNetworkFilter{filters}
855}
856
857func (f *combinedNetworkFilter) Filter(app string, networks []installer.Network) ([]installer.Network, error) {
858 ret := networks
859 var err error
860 for _, f := range f.filters {
861 ret, err = f.Filter(app, ret)
862 if err != nil {
863 return nil, err
864 }
865 }
866 return ret, nil
867}